Written By Michael Bunyard And Presented By Ziften CEO Chuck Leaver
Taking a look through the Cisco 2015 Midyear Security Report, the view was that “the bad guys are innovating faster than the security community.” This is not a distinct declaration and can be found in a great deal of cyber security reports, because they are reactive documents to previous cyber attacks.
If all you do is concentrate on negative outcomes and losses then any report is going to look negative. The fact is that the suppliers that are releasing these reports have a lot to gain from companies that want to purchase more cyber security products.
If you look thoroughly within these reports you will discover excellent pieces of advice that might significantly improve the security arrangements of your company. So why do these reports not start with this info? Well it’s all about selling solutions right?
One anecdote stood apart after reading the report from Cisco that would be simple for organization security groups to deal with. The increasing vulnerabilities and exploits of Adobe Flash were detailed, and they are being integrated often into exploit packages such as Angler and Nuclear. The Flash Player is frequently updated by Adobe, but a variety of users are sluggish to apply these updates that would offer them with the protection that they require. This means that hackers are making the most of the gap between the vulnerability being found and the update patch being used.
Vulnerability Management Is Not Fixing The Issue
You would be forgiven for thinking that because there are a whole range of solutions in the marketplace which scan endpoints for vulnerabilities that are known, it would be extremely basic to guarantee that endpoints were updated with the latest patches. All that is needed is for a scan to be run, the endpoints that need updating identified, run the updates and job done right? The concern here is that scans are only run periodically, patches fail, users will introduce vulnerable apps unintentionally, and the organization is now wide open up until the next scan. Furthermore, scans will report on applications that are installed however not utilized, which results in considerable numbers of vulnerabilities that make it challenging for an expert to focus on and manage.
What Is So Easy To Address Then?
The scans need to be run continuously and all endpoints monitored so that as quickly as a system is not compliant you will know about it and can react right away. Continuous visibility that offers real time notifying and extensive reporting is the brand-new requirement as endpoint security is redefined and people understand the age of prevention – first is over. Leveraging the National Vulnerabilities Database (NVD), each application that is actually running a recognized vulnerability can immediately be acknowledged, security workers notified, and the patch applied. Additionally, solutions can try to find suspicious activity from vulnerable applications, like abrupt application crashes, which is a possible sign of an exploit effort. Finally, they can likewise detect when a user’s system has actually not been restarted since the last security patch was available.
There Definitely Is Hope
The bright side about real-time endpoint visibility is that it deals with any vulnerable application (not just Adobe Flash) because, hackers will move from app to app to evolve their methods. There are basic solutions to huge problems. Security teams just need to be made aware that there is a much better method of managing and securing their endpoints. It simply takes the appropriate endpoint detection and response system.